Workshop in English - US at SunshinePHP 2020
Track Name: Key West Ballroom
View Slides: https://speakerdeck.com/ericmann/evolution-of-php-security-4eb56c08-9eff-4aec-b4a4-3d803f151437
Check out the code: https://github.com/ericmann/notes-tutorial
Short URL: https://joind.in/talk/db81e
Regardless of reports to the contrary, PHP is a modern, scalable, secure programming language suitable for any number of applications. As with any other language or tool, PHP can only be used securely if the developers using it wield their tools safely. This training class will walk through best practices in:

* Password management (including hashing)
* Credentials management (API keys)
* Data encryption (both local and remote)
* Data integrity (i.e., signing and authentication)
* Server hardening

Attendees will leave with a better understanding of PHP and how to use it in secure applications. Attendees should have an operable PHP environment before arriving. They will be given a code repo to use during the training class which will demonstrate the principles being discussed and allow them to practice from-scratch implementations in code.
Comments
A much higher level talk about security than what I know or am used to. Very knowledgeable & friendly presenter. If there was only one thing that I took away from the talk it's that nonces as used in WordPress are not true nonces! Useful references to additional resources at end of talk. Nice introduction of PHP native functions used in PHP security.
Great security talk Eric! I enjoyed the stories and experiences shared about vulnerabilities and security problems. The code to go along with the tutorial was thought out and very helpful to follow along. The pace was good too. The lighter gray text was a bit hard to read on the white background, and some of the questions asked were a bit too targeted, I'd suggest just explaining the reasonings under the presumption the audience doesn't have as deep of an understanding. I liked the baits to research other topics beyond the scope of the talk. Even though I have given tutorials and talks on security topics, I'd still highly recommend attending because I learned new things and appreciated the different perspective and experiences shared.
Good overview of security considerations to have in mind when developing an application. Good references and examples too.
Great talk about security in PHP, filled with great takeaways. Being able to work along the code examples was great. I highly recommend this talk.
Very knowledgeable speaker! Great talk!
Great Tutorial. Speaker is very knowledgeable. He was able to answer questions in a very friendly manner. Will love to see more talks on other topics from this speaker.
Great tutorial, I appreciate you bringing the code examples.
That database data encryption was a great technique!
Thank you Eric!